CVE-2023-28128

HIGH

Ivanti Avalanche < 6.3.4.153 - Unrestricted Upload of File with Dangerous Type

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-28128. PoCs published by Piotr Bazydlo, Shelby Pace, including Metasploit module exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.

AI-analyzed exploit summary This Metasploit module exploits CVE-2023-28128 in Ivanti Avalanche by leveraging MS-DOS style short names to change the FileStore configuration path to the web root, enabling JSP file upload and RCE as NT AUTHORITY\SYSTEM.

Description

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Piotr Bazydlo, Shelby Pace · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/ivanti_avalanche_filestoreconfig_upload.rb

This Metasploit module exploits CVE-2023-28128 in Ivanti Avalanche by leveraging MS-DOS style short names to change the FileStore configuration path to the web root, enabling JSP file upload and RCE as NT AUTHORITY\SYSTEM.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ivanti Avalanche < 6.4.0.186
Auth required
Prerequisites: Valid credentials for Ivanti Avalanche · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.8470
EPSS Percentile 99.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-434
Status published
Products (1)
ivanti/avalanche < 6.3.4.153
Published May 09, 2023
Tracked Since Feb 18, 2026